Talos Vulnerability Report

TALOS-2016-0169

August 26, 2016

CVE Number

CVE-2016-4307

Summary

A denial of service vulnerability exists in the IOCTL handling functionality of the Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in the KL1 kernel driver, resulting in a local system denial of service. An attacker can run a program from user mode to trigger this vulnerability.

The instruction at 0x00018D2E is executed in a loop. The purpose of this loop is to calculate the input string length by scanning for a NULL character. However, if the NULL character is not found in the supplied input string, this loop will continue reading memory beyond the bounds of the supplied buffer, which in most cases will cause an access violation and a system crash.
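
The following user-mode C model is an added example, not code from the KL1 driver or from the report. It places the unbounded scan described above beside a length-bounded form. The function names, return codes and sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Pattern described in the report: scan for the NUL byte with no regard
 * for how many bytes the caller supplied. Safe only on terminated input;
 * on unterminated input it keeps reading past the end of the buffer. */
static size_t unbounded_len(const char *s) {
    size_t n = 0;
    while (s[n] != '\0')
        n++;
    return n;
}

/* Bounded form: never reads past buf_len bytes (in a Windows driver this
 * bound would be the IOCTL's InputBufferLength). Returns -1 when no
 * terminator exists inside the buffer. */
static long bounded_len(const char *buf, size_t buf_len) {
    for (size_t i = 0; i < buf_len; i++)
        if (buf[i] == '\0')
            return (long)i;
    return -1;
}

/* Hypothetical handler model: 0 = accepted, -1 = rejected (a driver would
 * fail the request, e.g. with STATUS_INVALID_PARAMETER). */
int handle_ioctl_string(const void *in_buf, size_t in_len, size_t *out_len) {
    if (in_buf == NULL || in_len == 0 || out_len == NULL)
        return -1;
    long n = bounded_len((const char *)in_buf, in_len);
    if (n < 0)
        return -1;            /* unterminated input: reject, do not scan on */
    *out_len = (size_t)n;
    return 0;
}

int main(void) {
    /* Constructed sample inputs. */
    const char terminated[]   = {'a', 'b', 'c', '\0', 'x'};
    const char unterminated[] = {'a', 'b', 'c', 'd'};
    size_t len = 0;
    int rc = handle_ioctl_string(terminated, sizeof terminated, &len);
    printf("terminated:   rc=%d len=%zu (unbounded scan agrees: %zu)\n",
           rc, len, unbounded_len(terminated));
    rc = handle_ioctl_string(unterminated, sizeof unterminated, &len);
    printf("unterminated: rc=%d (rejected without reading past the buffer)\n", rc);
    return 0;
}
```
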